Vulnerability CVE-2013-7488

Vulnerability Name:

CVE-2013-7488 (CCN-180760)

Assigned:

2013-10-08

Published:

2013-10-08

Updated:

2022-10-07

Summary:

perl-Convert-ASN1 (aka the Convert::ASN1 module for Perl) through 0.27 allows remote attackers to cause an infinite loop via unexpected input.

CVSS v3 Severity:

7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:U/RC:R)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
4.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:U/RC:R)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

CWE-835

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2013-7488

Source: XF
Type: UNKNOWN
perlconvertasn1-cve20137488-dos(180760)

Source: CCN
Type: perl-Convert-ASN1 GIT Repository
Unsafe decoding creates infinite loop #14

Source: MISC
Type: Exploit, Third Party Advisory
https://github.com/gbarr/perl-Convert-ASN1/issues/14

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2020-9fa782be3e

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2020-d8bc3a9874

Vulnerable Configuration:

Configuration 1:

cpe:/a:convert::asn1_project:convert::asn1:*:*:*:*:*:perl:*:* (Version <= 0.27)

Configuration 2:

cpe:/o:fedoraproject:fedora:32:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:33:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7738	P	perl-Convert-ASN1-0.27-1.6.2 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:3424	P	accountsservice-0.6.42-16.3.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3144	P	libXrandr2-1.5.0-6.2 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3234	P	libpng15-15-1.5.22-9.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94774	P	perl-Convert-ASN1-0.27-1.6.2 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94536	P	dbus-1-glib-0.108-1.29 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:263	P	perl-Convert-ASN1-0.27-1.6.2 on GA media (Moderate)	2022-06-13
oval:org.opensuse.security:def:1192	P	Security update for go1.17 (Important)	2022-03-04
oval:org.opensuse.security:def:113111	P	perl-Convert-ASN1-0.31-2.3 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:106546	P	perl-Convert-ASN1-0.31-2.3 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:97016	P	librelp-devel-1.2.15-1.15 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:101249	P	binutils-devel-32bit-2.35.1-7.18.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62281	P	perl-Convert-ASN1-0.27-1.6.2 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:72022	P	perl-Convert-ASN1-0.27-1.6.2 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:101039	P	perl-Convert-ASN1-0.27-1.6.2 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:64513	P	Security update for perl-Convert-ASN1 (Moderate)	2021-01-21
oval:org.opensuse.security:def:73635	P	Security update for perl-Convert-ASN1 (Moderate)	2021-01-21
oval:org.opensuse.security:def:97437	P	Security update for perl-Convert-ASN1 (Moderate)	2021-01-21
oval:org.opensuse.security:def:107915	P	Security update for perl-Convert-ASN1 (Moderate)	2021-01-21
oval:org.opensuse.security:def:90472	P	Security update for perl-Convert-ASN1 (Moderate)	2021-01-21
oval:org.opensuse.security:def:64323	P	Security update for perl-Convert-ASN1 (Moderate)	2021-01-21
oval:org.opensuse.security:def:73445	P	Security update for perl-Convert-ASN1 (Moderate)	2021-01-21
oval:org.opensuse.security:def:117430	P	Security update for perl-Convert-ASN1 (Moderate)	2021-01-21
oval:org.opensuse.security:def:104127	P	Security update for perl-Convert-ASN1 (Moderate)	2021-01-21
oval:org.opensuse.security:def:32924	P	Security update for perl-Convert-ASN1 (Moderate)	2021-01-19
oval:org.opensuse.security:def:60261	P	Security update for perl-Convert-ASN1 (Moderate)	2021-01-19
oval:org.opensuse.security:def:43765	P	Security update for perl-Convert-ASN1 (Moderate)	2021-01-19
oval:org.opensuse.security:def:34438	P	Security update for perl-Convert-ASN1 (Moderate)	2021-01-19
oval:org.opensuse.security:def:39335	P	Security update for perl-Convert-ASN1 (Moderate)	2021-01-19
oval:org.opensuse.security:def:45146	P	Security update for perl-Convert-ASN1 (Moderate)	2021-01-19
oval:org.opensuse.security:def:40716	P	Security update for perl-Convert-ASN1 (Moderate)	2021-01-19
oval:org.opensuse.security:def:87388	P	Security update for perl-Convert-ASN1 (Moderate)	2021-01-19
oval:org.opensuse.security:def:58747	P	Security update for perl-Convert-ASN1 (Moderate)	2021-01-19

BACK